Chrome Extensions are additional browser add-ons that enhance user experience while browsing online. These extensions help users to maximize the functionalities of Chrome while making the browser more customized and unique for each user's preferences.

In order to create this unique user experience, most extensions end up collecting some personal information while also providing functionality. Because of this, it's important that you include a Privacy Policy and Terms and Conditions agreement (also known as a Terms of Use or Terms of Service) along with your Extensions.



Examples of a Chrome Extension with Privacy Policy and/or Terms & Conditions

It's easy to display your legal agreement links directly in your Extension download page.

Here's how Honey includes its Terms and Conditions in its Chrome Extension download page.

Honey Chrome Extension showing Terms and Conditions link

Here's another example of how Click&Clean provides a link to its Privacy Policy agreement on its Chrome Extension page.

Click and Clean Chrome Extension showing Privacy Policy link

The Microsoft Office Online Chrome Extension links to its Privacy Policy agreement and lets users know that they are automatically agreeing to the Terms and Conditions by installing the Chrome Extension.

Microsoft Office Online Chrome Extension: Agree to Terms by installing app

Certain continents, countries and states have laws that protect the personal data of their citizens. Most of these laws require you to have a Privacy Policy in place if you collect or use any personal information from your users. This means that if your extension collects so much as an email address or username, you'll need a Privacy Policy.

The GDPR

The General Data Protection Regulation (GDPR) is designed to arm European citizens with more control over their data. It applies to members of the EU and to any organization that offers products or services to members of the EU, regardless of whether that organization is itself a member of the EU.

The GDPR was approved by the EU parliament on April 14, 2016 and has an enforcement date of May 25, 2018.

This is to date the most inclusive and expansive privacy protection law.

COPPA

The Children's Online Privacy Protection Act (COPPA) was put in place in 1998. It took effect on April 21st, 2000 and was further modified on July 1st, 2013. It's a U.S. Federal law set in place to protect the privacy of minors below the age of 13.

COPPA is by design a United States law, but since people around the world could possibly interact with children in the US, it has to be complied with worldwide.

CalOPPA

Just like COPPA, the California Online Privacy Protection Act (CalOPPA) was designed specifically by and for California, but it affects businesses around the world.

CalOPPA's jurisdiction covers any website that collects personally identifiable information from California residents, regardless of where that website originates from.

Privacy Policy Agreements for Chrome Extensions

It's not only the laws discussed above that require a Privacy Policy if your Extension collects or uses personal information.

Chrome's Developer Program Policies state that you must disclose how you collect, use and share the data you have collected with your Extension. You must also limit the use of the data you collect to what you've disclosed to users in your Privacy Policy.

Privacy Policy Requirements

Your Privacy Policy must have certain disclosures, including the following:

  • How and why your extension collects, uses and shares data
  • Any third parties your extension shares the data with
  • How users can limit the extension's access to their personal information
  • How users can opt out of data collecting/processing

You must include a link to the Privacy Policy in the Chrome Web Store Dashboard and in the product inline installation page.

Privacy Policy Clauses for Chrome Extensions

Here are a few clauses that your Privacy Policy for Chrome Extensions should include.

1. What Information You Collect and How

Your Privacy Policy must clearly let your users know what types of information you collect from them and when this collection occurs. In some cases, the users directly supply this information. Some information may be automatically collected. Regardless of how you get your users' information, your Privacy Policy agreement must disclose how this is done.

Here's an example of a basic clause like this from Mixesoft:

Mixesoft Privacy Policy: What Information We Collect clause

This example from LogMeIn is more detailed and has each type of collected data broken down. Users are told how the data is collected and generally why.

LogMeIn Privacy Policy: Information We Collect and Receive clause

2. What You Do with the Data You Collect

Inform your users what you intend to do with their data.

LogMeIn includes a number of specific examples of how it uses information it collects and receives:

LogMeIn Privacy Policy: How We Use the Information We Collect and Receive clause

3. Cookies Policy/Cookies Clause

According to the EU cookies directive, businesses in Europe or ones that are directed towards EU citizens are required to have separate Privacy Policy and Cookies Policy agreements. UK-based websites that don't follow this directive could be fined £500,000 by the British Information Commissioner's Office (ICO).

If you have a separate Cookies Policy, link it to your Privacy Policy.

If you don't have a separate Cookies Policy, you should include a Cookies clause that lets users know that you use cookies and how you use them.

LogMeIn explains its Cookies use within its Tracking Technologies clause in its Privacy Policy.

LogMeIn Privacy Policy: Tracking Technologies clause discussing cookies

4. Relationships with Third Parties

Third parties such as social networking apps, analytics apps and advertising agencies may access the data you've collected when they are integrated with your websites or extension. Let your users know whether you disclose their personal information to such third parties.

Here's how LogMeIn discloses this.

LogMeIn Privacy Policy: Information Sharing clause discussing third party disclosure

5. Dispute Resolution

Include a clause that discusses dispute resolution. This will help you in the event that someone wants to bring legal action against you because of something related to your Chrome Extension.

Eventbrite Privacy Policy: Dispute Resolution clause

6. Transfer of Business

Users have a right to know what happens to their information if your business merges with another organization. A business transfer clause lets users know that their personal data would remain protected and secured even in the event that the business ceases to be yours.

SurveyMonkey Business Transfer clause with explanation of legal notice procedures

7. Updates to Privacy Policy

Your Chrome Extension users must be notified when you make any changes to your Privacy Policy. Inform them that you may make changes to the agreement in the future, and let them know how you will notify them of any changes.

LogMeIn Privacy Policy Updates to Policy clause

Terms and Conditions

Another legal agreement that you should include with your Chrome Extension is a Terms and Conditions agreement. While not required by law, this agreement is where you'll spell out your rules, restrictions and limitations that users must agree to before using your Extension.

Terms and Conditions Clauses for Chrome Extensions

Here are a few examples of clauses that you should include in your Chrome Extension Terms and Conditions.

1. Prohibited Uses

This clause will cover user conduct and list out what a user is not allowed to do. Common prohibited uses include:

  • Bypassing security features
  • Reverse engineering
  • Transferring or selling your user account
  • Distributing malicious code or viruses through the extension
  • Using the extension to harass, stalk or harm anyone
  • Etc.

This clause should be very detailed and really list out everything you don't want someone to do with your Extension.

Some catch-all language can be used, such as a prohibition on "any illegal activities."

Here's an example of part of the User Conduct clause in Screencastify's Extension Terms and Conditions:

Screencastify Chrome Extension Terms and Conditions: User Conduct clause

2. Intellectual Property

Your Intellectual Property clause is where you let users know that you own all of the IP for the Extension.

While you likely limited users from infringing upon your IP rights in the Prohibited Conduct clause just discussed, you can use this clause as another reminder that users cannot do things such as use or modify your trademarks, logos, service marks and other forms of your IP.

Here's an example from Screencastify:

Screencastify Chrome Extension Terms and Conditions: Intellectual Property clause

3. License Grant/Right to Use Service

This clause is where you make it clear to your users that by installing your Extension, they're only being granted a right to use the service. You'll typically see this clause say something like, "We grant you a worldwide, non-exclusive and non-transferable right to use our Services..."

Here's how Screencastify does this:

Screencastify Chrome Extension Terms and Conditions: Software clause

4. Refunds

It's up to you to decide whether you'll offer refunds if you charge users for your Extension or for additional features after installation.

The Mail Track Company offers a full refund within 30 days, and it's as simple as that:

The Mail Track Company Terms and Conditions: Refunds clause

You may have a more complex refund policy than this, like this one from Microsoft Azure:

Microsoft Azure: Refunds on subscription termination clause

Whatever your policy is, just spell it out in this clause. If your extension is completely free, you obviously don't need to worry about this clause at all.

5. Support

If you offer support for your Extension, include information about how a user can contact support.

The Mail Track Company uses both an email and a support center:

The Mail Track Company Terms and Conditions: Support clause

6. Copyright

If you allow users to post content, the Digital Millennium Copyright Act (DMCA) in the United States requires that you include a clause addressing copyright violations. This clause should let users know how to report suspected copyright infringement on your website.

LogMeIn does it this way:

LogMeIn Terms and Conditions: Copyright clause

7. Disclaimer of Warranties

When you offer an Extension, you're going to want to include a Disclaimer of Warranties clause in your Terms and Conditions.

This clause is where you make it clear that your extension is provided "as is" and may not be error-free or provide uninterrupted service.

Warranties clauses tend to be fairly standard across the board.

Here's one from Text Blaze's Terms of Service:

Text Blaze Terms of Service: Disclaimer of Warranties clause

8. Limitation of Liability

A Limitation of Liability clause does exactly what it sounds like it does. It limits your liability in the event that someone experiences damages as a result of using your Extension. These damages can be things like loss of data.

Similar to the Disclaimer of Warranties clause, these clauses tend to be very standard.

Here's an example from Text Blaze:

Text Blaze Terms of Service: Limitation of Liability clause

9. Termination

A Termination clause is where you maintain your right to terminate user accounts if a user violates any of the conditions in your legal agreements, and where you let users know how to go about terminating their own accounts. Companies often choose to maintain the right to terminate accounts based solely on their discretion, as well.

Again, this is a clause that's fairly standard throughout Terms and Conditions agreements.

Here's an example from Text Blaze:

Text Blaze Terms of Service: Termination clause

10. Governing Law

Chances are you have users all over the world using your Extension. Because of this, you're going to want to include a Governing Law clause in your Terms and Conditions.

This clause lets you set forth what laws govern your agreement. For example, if your business is headquartered and operating from California, you can choose California law as your governing law. That way, if someone from China sues you over your Extension, Chinese law will not apply but California law will.

Here's an example from Spotify:

Spotify's Terms and Conditions: Governing Law clause

If you do a lot of business around the world, you can choose to use multiple governing laws, such as in this example from NewsWhip. There's one governing law for U.S. users and one for users elsewhere.

NewsWhip Terms and Conditions: Governing Law clause

So, if you offer a Chrome Extension, make sure you also provide your users with a Privacy Policy and a Terms and Conditions agreement.

A Privacy Policy is likely legally required, while a Terms and Conditions is highly recommended.
